A user who mistakenly calls either create() or addToken() with WETH (or another ERC20) as the input token, but includes native ETH with the function call, will have their native ETH permanently locked in the contract.
Recommended Mitigation Steps
It is best to ensure that msg.value == 0 in _transferInputTokens() for the scenario mentioned above.
} else if (address(_inputToken) == ETH) {
    ...
} else {
    require(msg.value == 0, "NestedFactory::_transferInputTokens: ETH sent for non-ETH transfer");
    _inputToken.safeTransferFrom(_msgSender(), address(this), _inputTokenAmount);
}
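The same check in a self-contained form, as an added example that is not the project's code: it puts the branch without the msg.value check beside the hardened one and adds a balance invariant that exposes stray ETH. The contract InputTokenDemo, the functions pullUnchecked, pullChecked and unaccountedEth, the accountedEth counter and the address(0) sentinel are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical stand-in contract, not NestedFactory itself.
contract InputTokenDemo {
    // Constructed sentinel for native ETH; the page only names the constant `ETH`.
    address public constant ETH = address(0);

    // Native ETH the contract has accounted for on behalf of callers.
    uint256 public accountedEth;

    // Before the fix: msg.value is ignored on the ERC20 branch.
    function pullUnchecked(address token, uint256 amount) external payable {
        if (token == ETH) {
            require(msg.value == amount, "ETH amount mismatch");
            accountedEth += msg.value;
        } else {
            // ETH attached here raises address(this).balance but is never accounted for.
            require(IERC20(token).transferFrom(msg.sender, address(this), amount), "transfer failed");
        }
    }

    // After the fix: attached ETH on the ERC20 branch reverts the whole call,
    // so the ETH never leaves the caller.
    function pullChecked(address token, uint256 amount) external payable {
        if (token == ETH) {
            require(msg.value == amount, "ETH amount mismatch");
            accountedEth += msg.value;
        } else {
            require(msg.value == 0, "ETH sent for non-ETH transfer");
            require(IERC20(token).transferFrom(msg.sender, address(this), amount), "transfer failed");
        }
    }

    // Invariant check: non-zero means ETH is sitting in the contract with no owner on record.
    function unaccountedEth() external view returns (uint256) {
        return address(this).balance - accountedEth;
    }
}
```

An invariant of this kind (contract balance equals accounted ETH) is also a useful property for fuzz or invariant tests, since it fails as soon as any payable path accepts ETH it does not record.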
Handle
GreyArt